CableLabs Responds to Modem-Hacking Stories

With the mainstream news media launching another round of
stories questioning cable-modem-network security, industry researchers are taking pains to
label the issue as bogus.

Irked by what it sees as incomplete coverage of the
security question, Cable Television Laboratories Inc. has produced a white paper detailing
the security features that are inherent in cable's high-speed-data network and reiterating
the basic steps operators and their Internet-surfing customers should take to keep hackers
out of their hard drives.

"The total system is not only secure, but it also
provides customer benefits and choices that far exceed the perception of this
concern," said Rouzbeh Yassini, project director of CableLabs' Data Over Cable
Service Interface Specification standards effort and author of the white paper.

"As long as you follow the guidelines we have provided
and the hooks we have built in, I don't believe that as a technology in this industry,
there is a problem," Yassini said. "This is really misinformation."

Yassini added that one impetus for the white paper -- which
CableLabs is posting on its Web site (www.cablelabs.com) -- came from cable
operators that were irate over recent stories by such national and local outlets as the
Associated Press, TheNew York Times and the Minneapolis Star Tribune.

Those reports generally detailed incidents where
subscribers told either of having their cable-modem-connected computers get hacked or of
themselves snooping into the hard drives of neighboring subscribers -- phenomena that date
back to the earliest cable-modem launches.

Singled out as heightening the risks were the
"always-on" connection of cable modems to the network and the cable-system
architecture, which essentially treats subscribers as members of a shared local-area
network.

Cable-modem rivals have also begun seizing the security
issue as a competitive weapon. GTE Corp., for one, touts its digital-subscriber-line
service as a "secure, dedicated line" from the subscriber to the telco's local
central office, "rather than sharing the line with multiple users in their
neighborhoods, as is generally the case with cable modems."

"Many of our customers are concerned about the
security risks associated with cable modems, where an entire neighborhood may share the
same network," said Doug Fulp, assistant vice president of GTE's
ADSL-program-management office, in a recent news release.

While acknowledging that connecting to any open network
like the Internet creates security risks regardless of the platform, Yassini and a number
of cable-modem-service providers said the issue was overblown.

For example, the reported incidents where subscribers
peeped into neighbors' hard drives would have been prevented if those neighbors had turned
off the file-sharing feature of their PCs' operating systems.

That feature enables multiple users to access a computer's
hard drive -- over any platform, whether dial-up, DSL or cable modem -- to facilitate
business-type functions or sharing of files and printers by remote users.

Specifically to prevent unauthorized outside entry, most
cable-modem services advise subscribers to turn file sharing off at installation, or the
installer does it, unless otherwise instructed.

MediaOne Group Inc. automatically blocks the file-sharing
protocol of Microsoft Corp.'s Windows operating system using data-packet-filtering
software, and users must submit written requests to override the block.

MediaOne Labs director of broadband-data services Tim
O'Keefe said the MSO began filtering several years ago, following initial launches of its
modem service, when people realized that they could explore each other's hard drives by
surfing the "Network Neighborhood" directory of their Windows PCs.

"You can tell people how to turn it off, but not
everybody knows how to do that," O'Keefe added.

The blocking was also intended to discourage use of the
cable system for de facto home networking, where a two-PC household might share a printer
or swap data by using network bandwidth instead of in-house wiring.

"People who know enough to ask to have it removed know
enough that they're exposing themselves to risk," O'Keefe said. "By far, most
users are looking for protection, and not the opposite."

Kevin McElearney, vice president of network-support
services for Road Runner, said nothing in the cable-system architecture itself introduces
security holes to Internet-connected users, adding that issues raised in recent reports
apply to all Internet connections and transmission platforms.

Another purported security hole -- the always-on connection
between cable modems and the Internet -- is typically addressed by another feature that is
inherent in the dynamic host configuration protocol (DHCP) used by DOCSIS systems: dynamic
Internet-protocol addresses, McElearney said.

Shifting a user's IP address regularly makes it tougher for
a hacker to invade an online computer, and many Internet-service providers offering DSL
access use the same feature for the same reason.

"Most of what needs to be done is education,"
McElearney said. "Even though Road Runner has the same issues as any other provider,
we offer things like encryption. And during installation, we inform the customer what the
Internet is and what their security should be."

Yassini said that besides posting the white paper on the
Internet, CableLabs planned further dissemination of it with service providers and the
vendor community for use in their interactions with MSOs and customers.